
I'm trying to create a self-signed certificate on a Windows Server 2012 R2 machine, as a specific user, using PowerShell 5.1 and the New-SelfSignedCertificate cmdlet, but it's missing some key parameters which I need, such as -NotAfter, -Subject and -KeySpec.

I'm aware that those parameters are not available in Windows 2012 R2, so I'm looking for a workaround to manipulate the certificate expiration date and other parameter values (maybe using C#?). This is the code I got, which works on machines > 2012 R2:

```powershell
# Generate cert
$CertName = "TestCert"
$subject = 'CN=' + $CertName
$mycert = New-SelfSignedCertificate -Subject $subject -DnsName "foo.local", "bar.local" -CertStoreLocation "cert:\CurrentUser\My" -NotAfter (Get-Date).AddYears(3) -KeySpec KeyExchange

# Export certificate to .cer file
$exportPath = 'C:\Certs\' + $CertName + '.cer'
$mycert | Export-Certificate -FilePath $exportPath
```

But only this works on Windows Server 2012 R2:

```powershell
...
$mycert = New-SelfSignedCertificate -DnsName "TestCert", "foo.local", "bar.local" -CertStoreLocation "cert:\CurrentUser\My"
...
```
TylerH
Frets
  • Use this answer to create your own implementation. https://stackoverflow.com/a/52535184/1936966 – filimonic Oct 11 '22 at 14:33
  • I ended up using New-SelfSignedCertificate on my Windows 10 machine and exported the created certificate to the server. Depending on how long you want to set the validity, this manual approach might be an option. – Larsen Feb 21 '23 at 11:08
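
One way to get control over the subject, expiry date and key spec on Windows Server 2012 R2 is to call the CertEnroll COM API directly from PowerShell. This is an added example, not part of the original thread; the function name `New-SelfSignedCertCompat` is hypothetical, and the 2048-bit RSA key, SHA-256 hash, named CSP and non-exportable key policy are assumptions.

```powershell
# Added example: hypothetical helper, not code from the thread.
function New-SelfSignedCertCompat {
    param([string]$Subject, [string[]]$DnsName, [datetime]$NotAfter,
          [int]$KeySpec = 1)          # 1 = XCN_AT_KEYEXCHANGE, 2 = XCN_AT_SIGNATURE
    $dn = New-Object -ComObject X509Enrollment.CX500DistinguishedName
    $dn.Encode($Subject, 0)           # 0 = XCN_CERT_NAME_STR_NONE

    # KeySpec only applies to legacy CSP keys, so name a CSP explicitly (assumed choice).
    $key = New-Object -ComObject X509Enrollment.CX509PrivateKey
    $key.ProviderName   = 'Microsoft RSA SChannel Cryptographic Provider'
    $key.KeySpec        = $KeySpec
    $key.Length         = 2048
    $key.MachineContext = $false      # key is created in the current user's profile
    $key.ExportPolicy   = 0           # private key is not exportable
    $key.Create()

    # Subject Alternative Name extension carrying the DNS names.
    $names = New-Object -ComObject X509Enrollment.CAlternativeNames
    foreach ($d in $DnsName) {
        $n = New-Object -ComObject X509Enrollment.CAlternativeName
        $n.InitializeFromString(3, $d)           # 3 = XCN_CERT_ALT_NAME_DNS_NAME
        $names.Add($n)
    }
    $san = New-Object -ComObject X509Enrollment.CX509ExtensionAlternativeNames
    $san.InitializeEncode($names)
    $sha256 = New-Object -ComObject X509Enrollment.CObjectId
    $sha256.InitializeFromAlgorithmName(1, 0, 0, 'SHA256')   # 1 = hash OID group

    $req = New-Object -ComObject X509Enrollment.CX509CertificateRequestCertificate
    $req.InitializeFromPrivateKey(1, $key, '')   # 1 = ContextUser
    $req.Subject       = $dn
    $req.Issuer        = $dn                     # self-signed: issuer equals subject
    $req.NotBefore     = [datetime]::UtcNow      # CertEnroll documents these dates as UTC
    $req.NotAfter      = $NotAfter.ToUniversalTime()
    $req.HashAlgorithm = $sha256
    $req.X509Extensions.Add($san)
    $req.Encode()

    $enroll = New-Object -ComObject X509Enrollment.CX509Enrollment
    $enroll.InitializeFromRequest($req)
    $b64 = $enroll.CreateRequest(1)              # 1 = XCN_CRYPT_STRING_BASE64
    $enroll.InstallResponse(2, $b64, 1, '')      # 2 = AllowUntrustedCertificate
    $der = [Convert]::FromBase64String($b64)
    $tp  = (New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$der)).Thumbprint
    Get-Item "Cert:\CurrentUser\My\$tp"          # return the installed certificate
}

$mycert = New-SelfSignedCertCompat -Subject 'CN=TestCert' -DnsName 'foo.local','bar.local' -NotAfter (Get-Date).AddYears(3)
$mycert | Export-Certificate -FilePath 'C:\Certs\TestCert.cer'
```

The certificate lands in the store of whichever account runs the function, so run it in a session started as the intended user.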

0 Answers